September Patch Tuesday: Browser, Exchange, Office Bugs Dominate

By | September 30, 2016

The second Tuesday of the month is here, which means one thingnew patches from Microsoft. Compared to recent months, September’s batch of patches is slightly larger with 14 bulletins in all, evenly split between Critical and Important ones.
The seven Critical vulnerabilities allow for remote code execution by an attacker via multiple Microsoft products:
Internet Explorer (MS16-104)
Microsoft Edge (MS16-105)
Microsoft Graphics Component of Windows (MS16-106)
Microsoft Office (MS16-107)
Microsoft Exchange Server (MS16-108)
VBScript engine (MS16-116)
Internet Explorer version of Adobe Flash Player (MS16-117)
In general, these vulnerabilities can be exploited via common methodsi.e., opening a malicious website/document/script. The Exchange Server vulnerability is worth calling out, though: that vulnerability can be exploited via a specially crafted email message. While not a new threat, it is relatively uncommon, and system administrators should know about this slight oddity to this month’s patches.
The remaining Important bulletins cover a variety of products as well, including Silverlight, the SMBv1 server, and the Windows PDF library. These allow for less risky cases of code execution and/or information disclosure.
As one may have noted earlier, the Critical bulletins included a patch for Adobe Flash Player. In sync with Patch Tuesday, Adobe also released bulletins for their own products, including Flash Player (APSB16-29). This bulletin fixes 26 distinct vulnerabilities in the popular plug-in, and raises the current version to 22.0.0.211.
We recommend that users update their installed software as soon as is practical for their organizations.
Trend Micro researchers took part in the discovery of the following vulnerabilities and/or security improvements
CVE-2016-3351 (MS16-104, MS16-105)
Defense in depth for MS16-105
The following vulnerabilities were disclosed via Trend Micro’s Zero Day Initiative (ZDI):
CVE-2016-3247 (MS16-104, MS16-105)
CVE-2016-3292 (MS16-104)
CVE-2016-3294 (MS16-105)
CVE-2016-3295 (MS16-104, MS16-105)
CVE-2016-3353 (MS16-104)
CVE-2016-3365 (MS16-107)
CVE-2016-3376 (MS16-116)
CVE-2016-3377 (MS16-105)
CVE-2016-4276 (APSB16-29)
CVE-2016-4276 (APSB16-29)
Trend Micro Solutions
Trend Micro Deep Security and Vulnerability Protection protect user systems from any threats that may target these Microsoft vulnerabilities via the following DPI rules:
1007920—Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3247)
1007921—Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3295)
1007922—Microsoft Internet Explorer And Edge Memory Corruption Vulnerability (CVE-2016-3297)
1007923—Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3325)
1007924—Microsoft Internet Explorer And Edge Information Disclosure Vulnerability (CVE-2016-3351)
1007925—Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2016-3375)
1007926—Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3294)
1007927—Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2016-3377)
1007928—Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-3324)
1007929—Microsoft PDF Library Remote Code Execution Vulnerability (CVE-2016-3370)
1007930—Microsoft PDF Library Remote Code Execution Vulnerability (CVE-2016-3374)
1007931—Microsoft Windows Information Disclosure Vulnerability (CVE-2016-3352)
1007933—Microsoft Windows Session Object Elevation Of Privilege Vulnerability (CVE-2016-3305)
1007934—Microsoft Windows Session Object Elevation Of Privilege Vulnerability (CVE-2016-3306)
1007935—Microsoft Windows Kernel Elevation Of Privilege Vulnerability (CVE-2016-3371)
1007936—Microsoft Windows Elevation Of Privilege Vulnerability (CVE-2016-3373)
1007937—Microsoft Win32k Elevation Of Privilege Vulnerability (CVE-2016-3348)
1007938—Microsoft GDI Elevation Of Privilege Vulnerability (CVE-2016-3355)
1007939—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3357)
1007940—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3358)
1007941—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3359)
1007942—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3360)
1007943—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3362)
1007944—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3363)
1007945—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3364)
1007946—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3365)
1007947—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3381)
TippingPoint customers are protected from attacks exploiting these vulnerabilities with the following MainlineDV filters:
39131: HTTP: Microsoft PowerPoint Bitmap Memory Corruption Vulnerability
39132: HTTP: Microsoft Internet Explorer and Edge Font Memory Corruption Vulnerability
39135: Kerberos: Microsoft Windows Kerberos NTLM Fallback Authentication Bypass Vulnerability
39136: HTTP: Microsoft Edge Proxy Type Confusion Vulnerability
39137: HTTP: Microsoft Edge PDF Information Disclosure Vulnerability
39138: HTTP: Microsoft Edge PDF Information Disclosure Vulnerability
39141: HTTP: Microsoft Windows Win32k ValidateZorder Memory Corruption Vulnerability
39143: HTTP: Microsoft Internet Explorer TextDecoration Information Disclosure Vulnerability
39145: HTTP: Microsoft Windows Win32k NtGdiQueryFonts Information Disclosure
39146: HTTP: Microsoft Windows Ntoskrnl Session Hijacking Vulnerability
39147: HTTP: Microsoft Windows Ntoskrnl Session Hijacking Vulnerability
39148: HTTP: Microsoft Windows NtLoadKeyEx Privilege Escalation Vulnerability
39149: HTTP: Microsoft Windows Application Hive Privilege Escalation Vulnerability
39150: HTTP: Microsoft Excel Binary Use-After-Free Vulnerability
39151: HTTP: Microsoft Windows Win32k-GDI Buffer Overflow Vulnerability
39152: HTTP: Microsoft Excel Information Disclosure Vulnerability
39153: HTTP: Microsoft Internet Explorer and Edge wininet.dll Information Disclosure Vulnerability
39154: HTTP: Microsoft Office DLL Hijacking Vulnerability
39155: HTTP: Microsoft Excel Binary Workbook Use-After-Free Vulnerability
39157: HTTP: Microsoft Excel Binary Memory Corruption Vulnerability
39158: HTTP: Microsoft Internet Explorer and Edge CSS Information Disclosure Vulnerability (ZDI-16-513)
39159: HTTP: Microsoft Excel Binary Memory Corruption Vulnerability
39161: HTTP: Microsoft Excel Binary Memory Corruption Vulnerability
39162: HTTP: Microsoft PowerPoint ppcore Memory Corruption Vulnerability
40712: HTTP: Microsoft Internet Explorer and Edge mimeType Information Disclosure Vulnerability
40713: HTTP: Microsoft Internet Explorer VBScript ADODB.Connection Use-After-Free Vulnerability
40714: SMB: Microsoft Windows NTLM Information Disclosure Vulnerability
40715: HTTP: Microsoft Internet Explorer Protected Mode Sandbox Escape Vulnerability (ZDI-16-510)
Post from: Trendlabs Security Intelligence Blogby Trend Micro
September Patch Tuesday: Browser, Exchange, Office Bugs Dominate


Please check this great service at: http://www.test-net.org/services/bandwidth-meter/ or visit FREE SERVICES menu

[કુલ: 0    સરેરાશ: 0/5]

Leave a Reply

Your email address will not be published. Required fields are marked *